Accepting request 419802 from security:privacy

libgcrypt 1.6.6 CVE-2016-6313 (bsc#994157) OBS-URL: https://build.opensuse.org/request/show/419802 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libgcrypt?expand=0&rev=85
2016-08-18 07:41:25 +00:00 · 2016-08-18 07:41:25 +00:00 · 3cd014e39c
commit 3cd014e39c
parent 81354459e3
6 changed files with 14 additions and 5 deletions
--- a/libgcrypt-1.6.5.tar.bz2
+++ b/libgcrypt-1.6.5.tar.bz2
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:f49ebc5842d455ae7019def33eb5a014a0f07a2a8353dc3aa50a76fd1dafa924
-size 2549601
--- a/libgcrypt-1.6.5.tar.bz2.sig
+++ b/libgcrypt-1.6.5.tar.bz2.sig
--- a/libgcrypt-1.6.6.tar.bz2
+++ b/libgcrypt-1.6.6.tar.bz2
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f9461b4619bb78b273a88d468915750d418e89a3ea3b641bab0563a9af4b04d0
+size 2480467
--- a/libgcrypt-1.6.6.tar.bz2.sig
+++ b/libgcrypt-1.6.6.tar.bz2.sig
--- a/libgcrypt.changes
+++ b/libgcrypt.changes
@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Wed Aug 17 18:21:44 UTC 2016 - astieger@suse.com
+
+- libgcrypt 1.6.6:
+  * fix CVE-2016-6313: Issue in the mixing functions of the random
+    number generators allowed an attacker who obtained a number of
+    bytes from the standard RNG to predict some of the next ouput.
+    (bsc#994157)
+
 -------------------------------------------------------------------
 Mon May 16 14:37:45 UTC 2016 - pjanouch@suse.de

--- a/libgcrypt.spec
+++ b/libgcrypt.spec
@ -19,10 +19,10 @@
 %define build_hmac256 1
 %define separate_hmac256_binary 0
 %define libsoname %{name}20
-%define sosuffix  20.0.5
+%define sosuffix  20.0.6
 %define cavs_dir %{_libexecdir}/%{name}/cavs
 Name:           libgcrypt
-Version:        1.6.5
+Version:        1.6.6
 Release:        0
 Summary:        The GNU Crypto Library
 License:        GPL-2.0+ and LGPL-2.1+ and GPL-3.0+